I. Real Party in Interest

The real party in interest in the present application is the Assignee, 
International Business Machines Corporation of Armonk, New York, as 
evidenced by the Assignment set forth at Reel 014720/0374. 



Appeal Brief 






Serial No. 10/849,610 
Atty Docket No. AUS920040101 US1 

II. Related Appeals and Interferences 

There are no Appeals or Interferences known to Appellant, Appellant's 
legal representative, or assignee which may be related to, directly affect or be 
directly affected by or have a bearing on the Board's decision in the pending 
appeal. No decisions have been rendered by a court or the Board in any related 
applications. 
III. Status of Claims

1. Status of All Claims in Application 

a. Claims Rejected: 1-9. 

b. Claims Allowed or Confirmed: None. 

c. Claims Withdrawn from Consideration: None. 

d. Claims Objected to: None. 

e. Claims Cancelled: 10-25. 

2. Claims on Appeal 

a. The claims being appealed are: 1-9. 

b. The claims being appealed stand finally rejected as noted by the 
Examiner in the Examiner's Action dated July 10, 2008. These 
rejected claims, which form the basis of this appeal, are reproduced 
in the attached Appendix. 
IV. Status of Amendments

The Examiner finally rejected claims 1-9 in a final office action dated July 
10, 2008. No amendments to claims 1-9, which are on appeal, were made 
following the final office action dated July 10, 2008. 
V. Summary of Claimed Subject Matter

Claim 1 is directed to a computer-implemented method for secure 
password entry. (Specification, page 2, paragraph 0016, lines 1-7). The method 
comprises the element of displaying a password prompt comprising a changing 
stream of random characters, wherein a particular character within the changing 
stream of random characters is displayed at a visibly detectable higher 
frequency. (Specification, page 2, paragraph 0017, lines 1-5, page 6, paragraph 
0053, lines 1-11). In addition, the method comprises the element of receiving 
input to increment or decrement the particular character to reach a password 
character of a password. (Specification, page 2, paragraph 0017, lines 5-10, 
page 6, paragraph 0054, lines 1-4, paragraph 0057, lines 1-4). 

Claim 2 is directed to the method of claim 1 and is further directed to the 
element of displaying a plurality of character positions, wherein a stream of 
random characters is displayed in each of the plurality of character positions, 
wherein a particular position from among the plurality of character positions 
provides the password prompt. (Specification, page 2, paragraph 0018, lines 1-6,
page 2, paragraph 0019, lines 1-5, page 5, paragraph 0053, lines 1-2).

Claim 3 is directed to the method of claim 2, and is further directed to the 
element of adjusting which character position from among the plurality of 
character positions provides the password prompt. (Specification, page 2, 
paragraph 0019). 

Claim 4 is directed to the method of claim 2, and is further directed to the 
element of adjusting a number of the plurality of character positions. 
(Specification, page 5, paragraph 0051, lines 1-5). 

Claim 5 is directed to the method of claim 1, and is further directed to the
element of responsive to receiving input of a character selection input for
selecting the particular character, selecting the particular character as the
password character from among a plurality of separately selectable password
characters of the password. (Specification, page 2, paragraph 0017, lines 5-10,
page 6, paragraph 0058, lines 1-3). In addition, the method comprises the
element of responsive to receiving input of a password completion character
indicating that the password is complete, securely passing each separately
selected password character of the password to a requesting software layer.
(Specification, page 2, paragraph 0017, lines 10-14, page 6, paragraph 0058,
lines 5-6).

Claim 6 is directed to the method of claim 1 and is further directed to the 
element of responsive to receiving a request for a password from a software 
layer within a data processing system, invoking a password entry controller from 
within the data processing system, wherein the password entry controller controls 
the displaying the password prompt and the receiving input to increment or 
decrement the particular character. (Specification, page 4, paragraph 0042, lines 
5-9, page 4, paragraph 0043, lines 6-9). 

Claim 7 is directed to the method of claim 1 and is further directed to the 
element of responsive to receiving, at a client system, a request for a password 
entry from a server system from which the client system is attempting to access a 
resource, invoking a password entry controller from within the data processing 
system, wherein the password entry controller controls the displaying the 
password prompt and the receiving input to increment or decrement the 
particular character. (Specification, page 4, paragraph 0042, lines 1-9). 

Claim 8 is directed to the method of claim 1 and is further directed to the 
element of generating the stream of random characters, wherein the particular 
character is randomly selected. (Specification, page 5, paragraph 0020, lines 1-2).

Claim 9 is directed to the method of claim 1 and is further directed to the 
element of adjusting a frequency percentage at which the particular character is 
displayed in the stream of random characters. (Specification, page 5, paragraph 
0020, lines 2-5). 
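
The method summarized for claims 1, 8 and 9, modelled in Python as an added example; it is not code from the application or from this brief. The 36-character alphabet, wrap-around at the ends of the alphabet, the 200-frame observation window and all class and function names are assumptions.

```python
import random
import string
from collections import Counter

# Assumed alphabet: the claims do not fix a character set.
ALPHABET = string.ascii_uppercase + string.digits


class PasswordPrompt:
    """One prompt position showing a changing stream of random characters."""

    def __init__(self, rng, frequency_pct=30):
        self.rng = rng
        self.frequency_pct = frequency_pct  # claim 9: adjustable percentage
        self.reset()

    def reset(self):
        # Claim 8: the particular character is randomly selected.
        self.index = self.rng.randrange(len(ALPHABET))

    @property
    def particular(self):
        return ALPHABET[self.index]

    def next_frame(self):
        """Character shown for one display tick."""
        if self.rng.random() * 100 < self.frequency_pct:
            return self.particular
        return self.rng.choice(ALPHABET)

    def step(self, delta):
        """Increment (delta > 0) or decrement (delta < 0); wrap-around is assumed."""
        self.index = (self.index + delta) % len(ALPHABET)


def dominant_character(prompt, frames=200):
    """What anyone watching the display reads: the most frequent character."""
    counts = Counter(prompt.next_frame() for _ in range(frames))
    return counts.most_common(1)[0][0]


def signed_distance(src, dst):
    """Fewest increment (+) or decrement (-) presses from src to dst."""
    n = len(ALPHABET)
    d = (ALPHABET.index(dst) - ALPHABET.index(src)) % n
    return d - n if d > n // 2 else d


def enter_password(prompt, password):
    """Simulate a user entering `password`; returns (entered, key_log).

    key_log holds only the signed press counts, i.e. what an input logger
    captures. Without the random starting character it does not determine
    the password; a recording of the display does contain that character.
    """
    entered, key_log = [], []
    for target in password:
        seen = dominant_character(prompt)       # user watches the stream
        delta = signed_distance(seen, target)   # user presses up/down
        prompt.step(delta)
        key_log.append(delta)
        entered.append(prompt.particular)       # character selection input
        prompt.reset()                          # new random start for next char
    return "".join(entered), key_log


if __name__ == "__main__":
    password = "K9Z"  # constructed sample value
    for seed in (1, 2):
        prompt = PasswordPrompt(random.Random(seed), frequency_pct=30)
        entered, key_log = enter_password(prompt, password)
        print(f"seed={seed} entered={entered} key presses={key_log}")
```
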
VI. Grounds of Rejection to be Reviewed on Appeal

1. Claims 1-9 stand rejected under 35 U.S.C. §103(a) as being allegedly
unpatentable over Baker (US Patent 5,428,349) in view of Hoover (6,209,102).
VII. Argument

1. 35 U.S.C. 103(a), Alleged Obviousness under Baker in view of
Hoover, Claims 1-9

The Final Office Action rejects claims 1-9 under 35 U.S.C. §103(a) as being
allegedly unpatentable over Baker (US Patent 5,428,349) in view of Hoover (US
Patent 6,209,102). [Final Office Action, p. 5]

As noted in the Office Action, under 35 USC §103(a) a patent may not be
obtained though the invention is not identically disclosed as described as set 
forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. In Graham 
v. John Deere, the Supreme Court clarified that "under 103, in considering the 
obviousness or nonobviousness of the subject matter, the scope and content of 
the prior art are to be determined; differences between the prior art and the 
claims at issue are to be ascertained; and the level of ordinary skill in the 
pertinent art resolved, in addition to evaluating evidence of secondary 
considerations." Graham, 383 U.S. 1, 148 USPQ 459 (1966). 

The Examiner bears the initial burden of supporting any prima facie 
conclusion of obviousness. See In re Rinehart, 531 F.2d 1048, 189 USPQ 143
(CCPA 1976); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385, 1396 
(2007); MPEP 2142. The key to supporting a rejection under 35 USC 103 is the 
clear articulation of the reasons why the claimed invention would have been 
obvious; the analysis supporting a rejection under 35 USC 103 should be made 
explicit. See KSR International Co., 82 USPQ2d at 1396; MPEP 2142 (Rev. 6, 
Sept. 2007). 

Appellants traverse the rejection of claims 1-9. Appellants respectfully 
assert that the Office Action fails to establish a prima facie case of obviousness 
because the Office erred in the Graham factual findings and there is no clear 
articulation of the rationale supporting a conclusion of obviousness. Because the 
Office Action fails to establish a prima facie case of obviousness, Appellants
respectfully request withdrawal of the rejection under 35 USC 103(a) and 
allowance of the claims. The claims do not stand or fall together. 



Claim 1 

Claim 1 reads: 

1. A computer-implemented method for secure password entry,
comprising: 

displaying a password prompt comprising a changing stream 
of random characters, wherein a particular character within said 
changing stream of random characters is displayed at a visibly 
detectable higher frequency; and 

receiving input to increment or decrement said particular 
character to reach a password character of a password. 

Appellants respectfully assert that the Office has erred in finding a prima 
facie case of obviousness as to claim 1 because under a proper Graham 
analysis, when Baker and Hoover are considered as a whole, the references do 
not teach the elements of claim 1 and there is no clear statement as to the 
rationale for one of ordinary skill in the art finding claim 1 as a whole obvious in 
view of the differences between Baker and Hoover and claim 1.



displaying a password prompt comprising a changing stream of random 
characters, wherein a particular character within said changing stream of random 
characters is displayed at a visibly detectable higher frequency; 

First, in the Graham inquiry, as to the scope and contents of Baker, the
Final Office Action cites Figures 2-4 and the abstract of Baker as reading on the
claimed element of a computer-implemented method for secure password entry.
[Final Office Action, p. 5] The abstract of Baker describes:

a password access method/algorithm is effected by 
generating a pseudorandom array of each letter of the alphabet and 
the numerals 0 and 9 such that the password entry can be 
monitored without disclosing the letters or numerals contained in 
the password. The preferred arrangement is a square matrix of six 
rows and six columns or characters. The user enters the password 
by selecting either the row or column containing each letter of a 
memorized password. 
Figures 2 and 3 of Baker describe I/O displays of Figure 1 (Baker, col. 2, lines
24-48) and Figure 4 of Baker describes a flow diagram for the password entry 
algorithm of Baker (Baker, col. 3, lines 13-15). 

In addition, as to the scope and contents of Baker, the Final Office Action 
cites Baker, element 8 in Figures 2 and 3 as describing "where a stream of 
random characters is displayed" as reading on displaying a password prompt 
comprising a changing stream of random characters. [Final Office Action, p. 5]

Appellants note that col. 1, line 63 - col. 2, line 10 of Baker provide a 

summary of Baker which describes the scope of Baker, and reads as follows: 

According to the present invention, a display of a 
randomized matrix of alphanumeric characters is created for the 
user on a display device. The user visually scans the display and 
then selects the column (or in an equivalent representation, the 
row) containing the first character of the memorized password. The 
matrix is rerandomized and the process continued until the entire
password has been entered. Since the successive characters of 
the memorized password appear with equal probability in columns 
or rows of the matrix, the actual columns or rows selected are most 
likely different each time the password is entered. Further, due to 
the plurality of characters in the selected column or row, the 
recording of both the displayed matrix and the user inputs does not 
disclose the memorized password making this method and 
apparatus particularly useful. 

In Appellant's response dated 4/17/2008 (page 7), Appellants noted that 
element 8 in Figs. 2 and 3, refers to the "thirty-six characters" including twenty-six 
letters of the alphabet plus the integers zero through nine. Baker, col. 2, lines 
60-63. Appellants noted that Figures 2 and 3 of Baker describe an I/O device that 
"displays a random array of characters 8 consisting of six columns and six 
characters each." Baker, col. 2, lines 58-61. Appellants also noted that when
Baker is viewed as a whole, it is clear that the random array of characters is not a 
changing stream of random characters, but instead noted that Col. 3, lines 28-44 
and col. 4, lines 5-10 of Baker specify that for each letter of a password, the 
same thirty-six characters, representing each letter of the alphabet and each 
number, are randomly ordered into an array and concurrently displayed together 
in a matrix of nine by four or six by six proportion. Thus, Appellants asserted and
continue to assert that Baker, when viewed as a whole, describes concurrently 
displaying a different, randomly ordered matrix of all 36 characters for each letter 
of a password. Baker's matrix of 36 concurrently displayed characters does not 
teach a single password prompt comprising a changing stream of random 
characters. 

In response to Appellants' previous assertions as to the scope and
contents of Baker and Baker when properly viewed as a whole, the Examiner 
states "the system of Baker does not display 'same set of 36 different characters' 
as Appellant argued, but displays random array of characters in a 6*6 matrix [or 
in 36 prompt positions]." [Final Office Action, p. 2] 

Appellants respectfully submit that within the Final Office Action the 
Examiner states contradictory positions as to the scope and contents of Baker, 
and therefore the Examiner has further erred in interpreting the scope and 
contents of Baker. The Examiner concludes on page 2 of the Final Office
Action that "Baker does not display 'same set of 36 different characters' as 
Appellant argued, but displays random array of characters in a 6*6 matrix [or in 
36 prompt positions]." [Final Office Action, p. 2] This position taken by the 
Examiner that each separate character in a matrix is a prompt position takes the 
position that Baker's "random array of characters" actually describes 36 different 
prompt positions, each containing a single character, which directly contradicts 
the Examiner's position that Baker teaches the claimed element of displaying a
password prompt comprising a changing stream of random characters. [Final 
Office Action, p. 5] 

In addition, in considering the differences between Baker and Hoover and 
claim 1, Appellants respectfully submit that the Examiner has erred by failing to
consider each element of displaying a password prompt comprising a changing
stream of random characters. Appellants note that all claim limitations must be
considered in judging the patentability of that claim against the prior art. In re
Wilson, 424 F.2d 1382, 1385, 165 USPQ 494, 496 (CCPA 1970). Appellants
respectfully submit that the Examiner has failed to address how element 8 of
Figures 2 and 3 of Baker, which illustrates a matrix of a concurrently displayed
random array of characters, can read on the claimed password prompt comprising
a changing stream of random characters. In addition, in view of the Examiner's 
position that Baker's random array of characters in a 6*6 matrix (or in 36 prompt 
positions), Appellants respectfully submit that the Examiner has failed to address 
how a matrix of 36 prompt positions can read on the claimed password prompt 
with a changing stream of random characters. 

Returning to the scope and contents of Baker, the Office Action cites 
Baker steps 22 and 23 in Fig. 4 as describing "where array of alpha-numeric 
characters are displayed in a visibly detectable frequency" as reading on wherein 
a particular character within said changing stream of random characters is 
displayed at a visibly detectable higher frequency. [Final Office Action, p. 5]

In Appellants' response dated 4/17/08 (page 8), Appellants previously 
noted that Step 22 in Figure 4 of Baker describes "generate random ordered 
alpha-numeric array of 0...9 and A...Z" and step 23 of Figure 4 of Baker
describes "display random alpha-numeric array as NxM matrix of N rows and M 
columns." Within the specification of Baker, steps 22 and 23 of Figure 4 are 
described as "a pseudorandom algorithm is used 22 to randomly order the 
integers zero through nine and letters A through Z. The nature of the particular 
pseudorandom algorithm is important only to the extent that it has a nearly 
uniform distribution such that all the possible sequences of the alphanumeric 
characters occur with nearly equal likelihood" and "the randomly ordered 
characters are then displayed 23 in an N by M matrix where N times M is thirty-six.
A six by six matrix is used in the preferred embodiment although a nine by
four and four by nine matrix are other possible arrangements." Baker, col. 3, 
lines 15-32. Appellants submitted that even without considering Baker in its 
entirety, it is clear from the portions of Baker cited that Baker describes 
generating an array of the same set of 36 different characters, for each password 
letter entry, and displaying the array of the same 36 different characters at the 
same time in a matrix. Baker's description of an algorithm that is "pseudorandom 
to the extent that it has a nearly uniform distribution such that all possible 
sequences of the alphanumeric characters occur with nearly equal likelihood"
describes making sure that the same random array of the set of 36 different 
characters for concurrent display does not continue to be generated. Appellants 
respectfully submitted and continue to submit that displaying a different random 
array of the same set of 36 different characters in a matrix for each password 
letter entry as described in Baker does not describe "where array of alpha-numeric
characters are displayed in a visibly detectable frequency" as claimed in
the Final Office Action. 

In response to Appellants' previous assertions as to the scope and 
contents of Baker, in the Final Office Action the Examiner states that "Baker 
discloses [see Fig. 4, for example] a password algorithm of generating and 
displaying alpha-numeric characters [steps 22 and 23], and then the user selects 
a column and row; i.e. character position [step 24] by visually following the 
randomly changing alpha-numeric [or stream] characters." [Final Office Action, 
p. 3] Appellants respectfully submit that the Examiner has erred in this 
interpretation of the scope and contents of Baker. Appellants note that Step
24 of Baker actually reads "user selects column or row of matrix containing 
password character". Step 24 of Baker, and Baker as a whole, do not teach the 
randomly changing "stream" of characters as inserted by the Examiner. In 
addition, even if the user visually looks within the matrix of Baker to identify the 
row and column of a matrix containing a password character, step 24 of Baker 
does not teach the user visually looking within a matrix of characters to follow a 
changing stream of characters and visually identifying a particular character 
within said changing stream of random characters is displayed at a visibly 
detectable higher frequency as is claimed. 

In considering the differences between Baker and claim 1, a clear
difference between the prior art and claim 1 is that the prior art does not teach a 
particular character of the changing stream of characters displayed at a 
visibly detectable higher frequency. In Appellant's previous response dated 
4/17/08 (page 10), Appellants submitted: 
"In particular, the Office Action cites Baker as reading on "where
array of alpha-numeric characters are displayed in a visibly 
detectable frequency", which does not address the claimed element 
of a particular character of the changing stream of characters 
displayed at a visibly detectable higher frequency. In addition, 
neither the Office Action nor Baker teaches any particular character 
that is included in a changing stream of characters or any particular 
character that is displayed at visibly detectable higher frequency 
within the changing stream of characters." 

Appellants note that the Final Office Action fails to address this difference 
between Baker and claim 1 of Baker not teaching any particular character 
displayed at a higher frequency than other characters. Appellants continue to 
submit that a clear difference between Baker and claim 1 is that Baker does not 
teach any particular character displayed at a higher frequency than other 
characters, and claim 1 clearly teaches the element of a particular character of 
the changing stream of characters displayed at a visibly detectable higher 
frequency.

In addition, in considering the differences between Baker and claim 1, 
Appellants previously submitted in the response dated 4/17/08 (pages 10-11) 
and continue to submit that in considering the scope and contents of Baker, a 
prior art reference must be considered in its entirety, i.e. as a whole, including 
portions that would lead away from the claimed invention. W.L. Gore & 
Associates, Inc., v. Garlock, Inc., 721 F.2d 1540, 220 USPQ 303 (Fed. Cir.
1983). Appellants submitted and continue to submit that when Baker is properly 
considered in its entirety, the portions of Baker which lead away from the claimed 
invention are clear. In particular, Appellants previously submitted, and continue 
to submit: 

"when Baker is considered as a whole, it is clear Baker 
teaches away from the claimed element of a particular character in 
a stream of characters displayed at a visibly detectable higher 
frequency. As a whole, Baker describes the importance of each 
possible character of the 36 different characters appearing in the 
matrix with equal probability. Baker, col. 2, lines 1-6. In particular, 
Baker describes that for each password letter to be selected, the 
same set of 36 different characters is displayed and the user only 
selects the row or column that displays the letter of the password, 
so that "since the successive characters of the memorized
password appear with equal probability in columns or rows of the 
matrix, the actual columns or rows selected are most likely different 
each time the password is entered." Baker, col. 2, lines 1-6, col. 3, 
line 63- col. 4, line 19. Thus, Applicants submit that Baker's 
description of displaying the same set of 36 different characters for 
each password entry teaches away from any particular character 
being displayed at a visibly detectable higher frequency because 
displaying any single character at a visibly detectable higher 
frequency would allow an unauthorized user to more easily 
determine which character a user selects within a row or column, if 
that character also appeared in other rows or columns." 

Appellants respectfully note that the Final Office Action fails to address 
Appellants' argument that Baker teaches away from any particular character
displayed at a visibly detectable higher frequency. In addition, Appellants
respectfully submit that the Examiner has erred in considering the differences
between Baker and claim 1 because the Examiner has failed to consider Baker's lack of
teaching a high frequency character and the portions of Baker that clearly teach
away from a particular character of the changing stream of characters displayed
at a visibly detectable higher frequency.

Therefore, in view of the scope and content of Baker and the differences 
between Baker and claim 1, it is clear that the differences between Baker and
claim 1 are not such that claim 1 as a whole would have been obvious to one
with skill in the art at the time of the invention, and therefore the Final Office
Action fails to establish a prima facie case of obviousness as to claim 1. In
particular, the Examiner only cites Baker as reading on the claimed element of
displaying a password prompt comprising a changing stream of random
characters, wherein a particular character within said changing stream of random
characters is displayed at a visibly detectable higher frequency. Appellants
respectfully submit that it is clear that the gap between the prior art and claim 1 is
so wide as to render the claims nonobvious to one of ordinary skill in the art.
Clearly, Baker does not teach displaying a password prompt comprising a
changing stream of random characters and Baker does not teach a particular
character within the changing stream of random characters displayed at a visibly
detectable higher frequency. Moreover, Baker clearly teaches against a particular
character within the changing stream of random characters displayed at a visibly 
detectable higher frequency. Further, there is no modification proposed in the 
Final Office Action for Baker to teach these elements. 

Because proper Graham factual findings indicate differences between
Baker and claim 1 and no clear articulation of the reasons why the claimed
invention of claim 1 would have been obvious is provided, the Office erred in
finding prima facie obviousness as to claim 1. MPEP 2141, IV. Because the
Office fails to find prima facie obviousness as to claim 1, Appellants respectfully
request withdrawal of the rejection under 35 USC 103(a) and allowance of the 
claims. 

receiving input to increment or decrement said particular character to reach a 
password character of a password 

The Final Office Action states that Baker does not teach receiving input to 
increment or decrement said particular character to reach a password character 
of a password. [Final Office Action, p. 5] In addition, the Final Office Action cites
Figures 1 and 2, and for example col. 2, lines 36-32 of Hoover as reading on
receiving input to increment or decrement said particular character to reach a
password character of a password. [Final Office Action, p. 5]

In considering the scope and content of Hoover, Hoover in general
describes selecting a password by selecting one of multiple displayed fields
containing characters, where if a hacker is tracking a user's keyboard or mouse
entries, the hacker cannot determine a password selection from the keyboard or
mouse based selections of fields. Hoover, abstract, col. 2, lines 6-9. Col. 2, lines
36-63 of Hoover read:

In yet another embodiment, shown in FIG. 1, a randomly
initialized "bingo card" could be displayed, with the user entering
the PIN by clicking on the correct character in each column of the
bingo card. The current PIN could be displayable adjacent to the
bingo card (FIG. 1) or the selected PIN characters could be
highlighted on the bingo card, e.g. by changing
the color or shading of the selected characters.

In still other embodiments, the user-selectable fields could 
be simply displayed as a series of character boxes, much like a 
crossword puzzle or fill-in-the blank game, with each field being 
initialized to an unpredictable alphanumeric character. For 
example, for a six-digit PIN, the system starts by displaying six 
random digits. To select his PIN, the user cursors through the 
digits. At each digit, he hits the up or down arrow key (to increment 
the digit by +1 or -1) an appropriate number of times until the
desired digit appears. 

Alternatively, as shown in FIG. 2, each particular, initially 
random PIN digit could be adjusted to the correct value by clicking 
on the corresponding "+" or "-" buttons. 

Alternatively, two rows of digits could be used. One row 
could display an initially random PIN digit sequence. The user 
would input to an adjacent row an offset digit sequence such that 
the correct PIN digit sequence was formed when offset digit 
sequence row was added to the initially random PIN digit sequence 
row. The resulting correct PIN digit sequence could be displayed 
adjacent to the other two rows. 

In addition, Figure 1 of Hoover describes an example where for each password
character, multiple possible fields are displayed and a user clicks on one of the
fields as the password character and Figure 2 of Hoover describes a user
viewing a selected random number and then selecting an increment or
decrement field to reach a password character. Thus, Hoover describes a user
selecting a field that displays a character or the user entering input to increment
or decrement a digit displayed in a field.

Previously, Appellants submitted that in considering the differences
between Baker and Hoover and the claimed element of receiving input to
increment or decrement said particular character to reach a password character
of a password, Appellants submitted the following:

Applicants respectfully note that in considering claim 1 as a 
whole, the particular character displayed in the password prompt at 
a higher frequency is the character within the changing stream that 
the user enters input to increment or decrement to reach a 
password character of a password. Thus, a difference between 
Baker and Hoover and claim 1 is that Baker describes a user 
selecting a row or column in which a character of a password is 
displayed and Hoover describes a user using keystrokes or a 
mouse selection to select one of multiple displayed fields containing
a character or to increment or decrement a digit displayed in a field, 
therefore, clearly neither Baker nor Hoover separately or in 
combination describe a user providing inputs that would adjust the 
particular character displayed at a higher frequency within a 
random stream of characters. In particular, Baker and Hoover, 
separately or in combination, are different from claim 1 because 
Baker and Hoover do not teach that if in a random stream of 
characters displayed at a password prompt, the character "A" is 
displayed at a visibly detectable higher frequency than other 
characters in the stream and if the user enters input to increment, 
the character displayed at a higher frequency in the stream 
changes to "B". 

In the Final Office Action, the Examiner states that "Examiner could not 
understand Appellant's argument clearly because Hoover is applied to claim 1 to 
address the claimed limitation receiving input to increment or decrement said 
particular character to reach a password character of a password. As best
understood from Appellant's argument, Appellant agrees Hoover teaching the 
limitation, but argues that combination of Baker and Hoover not teaching claim 1 
as a whole." [Final Office Action, p. 3] Appellants did not, and do not agree in 
Appellant's argument that Hoover teaches the limitation. The Examiner states 
that based on Hoover's teachings, "Hoover discloses incrementing or 
decrementing a digit [or password character] to reach at the desired password 
digit [or to reach a password character of a password, as claimed]. One of 
ordinary skill in the art recognizes that the method of Hoover could be applied to 
alpha-numeric characters." 

Appellants respectfully submit that the Examiner has erred by not 
considering claim 1 as a whole in a proper Graham inquiry of the differences 
between Hoover and claim 1. Claim 1, when properly considered as a whole,
teaches the particular character displayed in the password prompt at a higher 
frequency is the character within the changing stream that the user enters input 
to increment and decrement to reach a password character of a password. 
Hoover does not teach receiving input to increment or decrement a high 
frequency character in a changing stream of a password prompt. Therefore, 
clearly a difference between Hoover and claim 1 as a whole is that Hoover does 
not teach incrementing or decrementing the digit displayed at a higher frequency 
within a changing stream of random characters to reach a desired password digit 
and therefore Hoover does not teach receiving input to increment or decrement 
the higher frequency character within the changing stream of random characters 
to reach a password character of the password. 

After considering the differences between Hoover and claim 1 as a whole, 
in view of the scope and content of Baker and Hoover and the differences 
between Baker and Hoover and claim 1, it is clear that the differences between 
Baker and Hoover and claim 1 are not such that claim 1 as a whole would have 
been obvious to one with skill in the art at the time of the invention. In particular, 
regardless of the Examiner's stated rationale for obviousness, it is clear that the 
gap between the prior art and claim 1 is so wide as to render the claims 
nonobvious to one of ordinary skill in the art. Clearly Baker only describes 
changing the order of a set of characters concurrently displayed within an array of 
characters; Baker does not teach a changing stream of random characters or a 
changing stream of random characters with one of the characters displayed at a 
visibly detectable higher frequency. Hoover does not describe incrementing or 
decrementing a character displayed within a changing stream of random 
characters. It would not be obvious to one of ordinary skill in the art at the time of 
the invention to first modify Baker to teach changing an array of 36 characters 
concurrently displayed to instead teach a changing stream of characters 
displayed at a password prompt, to second modify Baker to teach one of the 
characters to be displayed at a visibly detectable higher frequency in the 
changing stream of characters, and third to then modify Hoover's description of 
incrementing or decrementing the value of a digit in a field to instead teach 
incrementing or decrementing a particular character displayed at a higher 
frequency within a changing stream of characters. 

As to the rationale stated in the Office Action for why claim 1 would have 
been obvious to one of ordinary skill in the art at the time the invention was 
made, the Office Action concludes that "it would have been obvious to a person 
having ordinary skill in the art at the time of Appellant's invention to combine the 
teachings of Hoover and Baker because both inventions are directed to a method 
of password entry system. Incorporating the input increment and decrement 
feature of Hoover modifies the password entry system of Baker, so that a 
mechanism to prevent an attacker from downloading keystrokes or character 
positions when an authorized user enters password to gain an access to a 
secured system is implemented (see of Background Hoover)." [Final Office 
Action, p. 5] 

Appellants note that rejections on obviousness cannot be sustained by 
mere conclusory statements; instead there must be some articulated reasoning 
with some rational underpinning to support the legal conclusion of obviousness. 
KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385, 1396 (2007); MPEP 
2141. In particular, because there are significant differences between Baker and 
Hoover and claim 1, including a lack of any teaching of a changing stream of 
random characters or a particular character within the changing stream displayed 
at a visibly detectable higher frequency, to establish a prima facie case of 
obviousness, the Office Action should include a clear articulation of a rationale 
for why, in view of the actual scope and content of Baker and Hoover and the 
differences between Baker and Hoover and claim 1, claim 1 would have been 
obvious to one of ordinary skill in the art at the time of the invention. KSR, 82 
USPQ2d at 1396; MPEP 2141. The conclusory statement as to obviousness 
stated with regard to claim 1 does not clearly articulate why one of ordinary skill 
in the art at the time of invention would have found claim 1 obvious despite the 
fact that Baker and Hoover do not teach at least one of the elements as taught in 
claim 1. As indicated by Appellants' comparison of the prior art as a whole with 
claim 1 as a whole, and the number and complexity of modifications required to 
reach claim 1 as a whole through the combination of the prior art, Appellants 
respectfully assert that a mere statement of a reason that a person of ordinary 
skill in the art might combine Baker and Hoover based on preventing an attacker 
from downloading keystrokes or character positions does not reach the level of 
articulated reasoning within some rational underpinning required to support the 
legal conclusion of obviousness required under 35 USC 101 and KSR 
International, and further does not clearly articulate any of the rationales stated in 
section 2100 of the MPEP as exemplary rationales. Because there is no clear 
and explicit articulated reasoning with a clear rationale underpinning to support 
the legal conclusion of obviousness, the Office Action fails to establish a prima 
facie case of obviousness as to claim 1. 

Therefore, because proper Graham factual findings indicate differences 
between Baker and Hoover and claim 1 and no clear articulation of the reasons 
why the claimed invention of claim 1 would have been obvious is provided, the 
Office erred in finding prima facie obviousness as to claim 1. MPEP 2141, IV. 
Because the Office fails to find prima facie obviousness as to claim 1, Appellants 
respectfully request withdrawal of the rejection under 35 USC 103(a) and 
allowance of the claims. 

Claims 2-9 

Appellants respectfully assert that because claim 1 is nonobvious under 35 USC 
103(a), claims 2-9 which depend on claim 1 are also nonobvious and should be 
allowed. In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988). 

Claim 2 

Claim 2 currently reads: 

2. The method according to claim 1 for secure password entry, 
further comprising: 

displaying a plurality of character positions, wherein a 
stream of random characters is displayed in each of said plurality of 
character positions, wherein a particular position from among said 
plurality of character positions provides said password prompt. 

Appellants respectfully assert that the Office has erred in finding a prima 
facie case of obviousness as to claim 2 because under a proper Graham 
analysis, when Baker and Hoover are considered as a whole, the references do 
not teach the elements of claim 2 and there is no clear statement as to the 
rationale for one of ordinary skill in the art finding claim 2 as a whole obvious in 
view of the differences between Baker and Hoover and claim 2. 

First, in a Graham inquiry, as to the scope and contents of Baker, the Final 
Office Action cites Figures 2-3 and col. 2, line 57-col. 3, line 12 of Baker as 
describing "where plurality of character positions of positions are displayed" and 
as reading on the claimed element of displaying a plurality of character positions, 
wherein a stream of random characters is displayed in each of said plurality of 
character positions and step 24 of Fig. 4 and col. 3, lines 12-44 of Baker as 
describing "where user selects a particular position" and as reading on wherein a 
particular position from among said plurality of character positions provides said 
password prompt. [Final Office Action, p. 6] The Final Office Action does not 
consider Hoover separately as to claim 2. 

Second, in a Graham inquiry, as to the differences between Baker and 
claim 2, Appellants previously asserted in a response dated 04/17/08 (page 15), 
and continue to assert that as to the differences between Baker and claim 2, a 
clear difference between Baker and claim 2 is that Figures 2 and 3 of Baker 
describes a password prompt that includes, for each password character entry, a 
separate display of a matrix of a set of 36 different characters, where the user 
selects a row or column that includes the password character. Baker's password 
prompt of a matrix of 36 characters and options for a user to select a row or 
column of the matrix does not teach displaying multiple character positions, with 
a different stream of random characters in each position, with a particular 
position providing the password prompt. The Final Office Action fails to respond 
to Appellants' previous assertion as to these clear differences between Baker and 
claim 2. 

Appellants respectfully submit that in view of the differences between 
Baker and claim 2 and the lack of teaching of multiple character positions with a 
stream of random characters displayed in each of the character positions, 
Appellants respectfully assert that as to claim 2, establishing a prima facie case 
of obviousness requires an articulation of why in view of the differences between 
Baker and Hoover and claim 2, claim 2 as a whole would have been obvious 
under Baker and Hoover to one skilled in the art at the time of the invention. 
Appellants respectfully submit that the Examiner has erred in concluding that a 
prima facie case of obviousness is established for claim 2 without any rationale 
basis for why claim 2 as a whole would have been obvious under Baker and 
Hoover to one skilled in the art at the time of the invention. 

Claim 8 

Claim 8 reads: 

8. The method according to claim 1 for secure password entry, 
further comprising: 

generating said stream of random characters, wherein said 
particular character is randomly selected. 

Appellants respectfully assert that the Office has erred in finding a prima facie 
case of obviousness as to claim 8 because under a proper Graham analysis, 
when Baker and Hoover are considered as a whole, the references do not teach 
the elements of claim 8 as a whole and there is no clear statement as to the 
rationale for one of ordinary skill in the art finding claim 8 as a whole obvious in 
view of the differences between Baker and Hoover and claim 8. 

First, in the Graham inquiry, as to the scope and contents of Baker, the 
Office Action cites the abstract, Figures 2 and 3, step 23, and col. 1, line 55 to 
col. 2, line 10 of Baker as describing "where array of random characters are 
displayed" and as reading on generating said stream of random characters, 
wherein said particular character is randomly selected. [Final Office Action, p. 7] 
Appellants note, as previously discussed, that Baker as a whole describes 
displaying a matrix with a set of 36 different characters, concurrently displayed, 
for a user to select a column or row that includes a password character. To the 
extent that Baker describes random characters, as noted in the Final Office 
Action, Baker describes an array of random characters displayed, with Baker as 
a whole describing that the same 36 different characters, which are all possible 
characters of a password, are randomized within each iteration of the array of 
characters concurrently displayed. 

Second, in the Graham inquiry, as to the differences between Baker and 
Hoover and claim 8, Appellants respectfully assert that in considering claim 8 as 
a whole, including the limitations of claim 1 upon which it depends, it is clear that 
claim 8 teaches said particular character which is randomly selected and which is 
displayed at a visibly detectable higher frequency. Appellants respectfully assert 
that a clear difference between Baker and claim 8 is that Baker describes 
randomizing the order in which the same set of 36 different characters are 
concurrently displayed in a matrix, which does not teach generating a stream of 
random characters or selecting a particular character in the stream of random 
characters to be displayed at a higher frequency. The specification of the 
present application provides an example of this "modified" stream of random 
characters, with one random character displayed at a visibly detectable higher 
frequency throughout, and for example, in paragraph 0018. 

In viewing the scope and content of Baker and Hoover and the differences 
between Baker and Hoover and claim 8, Appellants respectfully assert that the 
differences are not such that claim 8 as a whole would have been obvious to one 
skilled in the art at the time of the invention. In particular, Appellants respectfully 
assert that there is a gap between Baker's description of displaying a matrix of a 
randomly ordered array of a set of 36 different characters and the claimed 
elements of generating a stream of random characters modified with a particular 
character displayed at a visibly detectable higher frequency and the particular 
character randomly selected, that render the claim nonobvious to one with skill in 
the art. 

Claim 9 

Claim 9 reads: 

9. The method according to claim 1 for secure password entry, 
further comprising: 

adjusting a frequency percentage at which said particular 
character is displayed in said stream of random characters. 

Appellants respectfully assert that the Office has erred in finding a prima 
facie case of obviousness as to claim 9 because under a proper Graham 
analysis, when Baker and Hoover are considered as a whole, the references do 
not teach the elements of claim 9 as a whole and there is no clear statement as 
to the rationale for one of ordinary skill in the art finding claim 9 as a whole 
obvious in view of the differences between Baker and Hoover and claim 9. 

First, in the Graham inquiry, as to the scope and contents of Baker, the 
Final Office Action states that Baker fails to teach the elements of claim 9 of 
adjusting a frequency percentage at which said particular character is displayed 
in said stream of random characters, but the Office Action states that "Baker 
teaches displaying randomized alpha-numeric matrix array of characters at 
constant frequency" in Figures 2-3 and step 23. [Final Office Action, p. 7] 
Appellants note again that Baker as a whole teaches displaying the alpha-numeric 
array of the set of 36 different characters randomized within a displayed 
matrix. 

Second, in the Graham inquiry, as to the differences between Baker and 
claim 9, it is clear that Baker describes displaying the same set of 36 different 
characters for each password character entry and no portion of Baker describes 
displaying any particular character at a higher or lower frequency than any other 
character. In addition, as previously noted, Baker teaches away from a 
modification that would increase or decrease the frequency of a particular 
character, because then an array may be displayed that does not include the 
password character or an array may be displayed that includes the password 
character on more rows or columns than 1, which would significantly increase a 
hacker's success in guessing which rows or columns contained the password 
character, even without having to track previous keystrokes. In contrast, claim 9 
teaches adjusting the frequency percentage that the high frequency character is 
displayed in a changing stream of random characters at a password prompt, 
such that a hacker might be able to detect the high frequency character, but 
would still have to guess at incrementing or decrementing that character to the 
password character. 

In viewing the scope and content of Baker and Hoover and the differences 
between Baker and Hoover and claim 8, Appellants respectfully assert that the 
differences are not such that claim 8 as a whole would have been obvious to one 
skilled in the art at the time of the invention. In particular, Appellants respectfully 
assert that there is a gap between Baker's description of displaying a randomized 
alpha-numeric matrix array of a set of 36 different characters "at constant 
frequency" and the claimed elements of adjusting a frequency percentage at 
which a particular character displayed at a higher frequency is displayed, that requires 
significant modifications to reach, which renders the claim nonobvious to one 
with skill in the art. 

Appellants note that rejections on obviousness cannot be sustained by 
mere conclusory statements; instead there must be some articulated reasoning 
with some rational underpinning to support the legal conclusion of obviousness. 
KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385, 1396 (2007); MPEP 
2141. In particular, because there are significant differences between Baker and 
Hoover and claim 9, to establish a prima facie case of obviousness, the Office 
Action should include a clear articulation of a rationale for why, in view of the 
actual scope and content of Baker and Hoover and the differences between 
Baker and Hoover and claim 9, claim 9 would have been obvious to one of 
ordinary skill in the art at the time of the invention. KSR, 82 USPQ2d at 1396; 
MPEP 2141. The Office Action concludes that "it would have been obvious to a 
person having ordinary skill in the art at the time of Appellant's invention to 
modify the system of Baker to display characters in an adjusted frequency 
percentage in order to enhance the password entry display unit, which would 
further discourage and confuse an attacker while eavesdropping". [Final Office 
Action, p. 7] As indicated by Appellants' comparison of the prior art as a whole 
with claim 9 as a whole, and Baker teaching away from the Examiner's proposed 
modification, Appellants respectfully assert that a mere statement of a reason 
that a person of ordinary skill in the art might combine Baker and Hoover based 
on discouraging and confusing an attacker while eavesdropping is not supported 
by Baker and does not reach the level of articulated reasoning within some 
rational underpinning required to support the legal conclusion of obviousness 
required under 35 USC 101 and KSR International. Because there is no clear 
and explicit articulated reasoning with a clear rationale underpinning to support 
the legal conclusion of obviousness, the Office Action fails to establish a prima 
facie case of obviousness as to claim 9. 

Therefore, because proper Graham factual findings indicate differences 
between Baker and Hoover and claim 9 and no clear articulation of the reasons 
why the claimed invention of claim 9 would have been obvious is provided, the 
Examiner erred in finding prima facie obviousness as to claim 9. MPEP 2141, IV. 
Because the Examiner fails to find prima facie obviousness as to claim 9, 
Appellants respectfully request withdrawal of the rejection under 35 USC 103(a) 
and allowance of the claims. 

CONCLUSION 

It is therefore respectfully requested that the Examiner's rejection of 
claims 1-9 under 35 U.S.C. §103(a) be reversed and the claims allowed. 

Please charge the fee of $500.00 for submission of an Appeal Brief under 
37 CFR 41.20(b)(2) to IBM Corporation Deposit Account No. 09-0447. No 
additional filing fee is believed to be necessary; however, in the event that any 
additional fee is required, please charge it to IBM Corporation Deposit Account 
No. 09-0447. 



Respectfully submitted, 

By /Amy J. Pattillo. Reg. No. 46,983/ 
AMY J. PATTILLO 
Registration No. 46,983 
P.O. BOX 161327 
AUSTIN, TEXAS 78716 
ATTORNEY FOR APPELLANTS 
Telephone: 512-402-9820 
Facsimile: 512-306-0417 

VIII. Claims Appendix 
The Claims involved in the Appeal are as follows: 

1. A computer-implemented method for secure password entry, comprising: 
displaying a password prompt comprising a changing stream of random 
characters, wherein a particular character within said changing stream of random 
characters is displayed at a visibly detectable higher frequency; and 

receiving input to increment or decrement said particular character to 
reach a password character of a password. 

2. The method according to claim 1 for secure password entry, further 
comprising: 

displaying a plurality of character positions, wherein a stream of random 
characters is displayed in each of said plurality of character positions, wherein a 
particular position from among said plurality of character positions provides said 
password prompt. 

3. The method according to claim 2 for secure password entry, further 
comprising: 

adjusting which character position from among said plurality of character 
positions provides said password prompt. 

4. The method according to claim 2 for secure password entry, further 
comprising: 

adjusting a number of said plurality of character positions. 

5. The method according to claim 1 for secure password entry, further 
comprising: 

responsive to receiving input of a character selection input for selecting 
said particular character, selecting said particular character as said password 
character from among a plurality of separately selectable password characters of 
said password; and 

responsive to receiving input of a password completion character 
indicating that said password is complete, securely passing each separately 
selected password character of said password to a requesting software layer. 

6. The method according to claim 1 for secure password entry, further 
comprising: 

responsive to receiving a request for a password from a software layer 
within a data processing system, invoking a password entry controller from within 
said data processing system, wherein said password entry controller controls 
said displaying said password prompt and said receiving input to increment or 
decrement said particular character. 

7. The method according to claim 1 for secure password entry, further 
comprising: 

responsive to receiving, at a client system, a request for a password entry 
from a server system from which said client system is attempting to access a 
resource, invoking a password entry controller from within said data processing 
system, wherein said password entry controller controls said displaying said 
password prompt and said receiving input to increment or decrement said 
particular character. 

8. The method according to claim 1 for secure password entry, further 
comprising: 

generating said stream of random characters, wherein said particular 
character is randomly selected. 

9. The method according to claim 1 for secure password entry, further 
comprising: 

adjusting a frequency percentage at which said particular character is 
displayed in said stream of random characters. 

IX. Evidence Appendix 

There is no evidence submitted pursuant to §§ 1.130, 1.131, or 1.132 or 
any other evidence entered by the Examiner that is relied upon by Appellants in 
the appeal. 

X. Related Proceedings Appendix 



There are no decisions rendered by a court or the Board in any related 
appeals. 






